Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Evening Standard
Evening Standard
Technology
Saqib Shah

British Airways cyberattack: What we know so far

Tens of thousands of British Airways, Boots and BBC staff may have had their personal details stolen in a suspected cyberattack.

Payroll provider Zellis, which is used by hundreds of companies in the UK, confirmed on Monday that eight of its clients had been affected.

The attack was reportedly orchestrated by a prolific Russian cyber-crime gang known as Clop. The outfit is known for extorting industrial organisations with ransomware attacks.

British Airways said in a statement that the incident occurred because of a “vulnerability” in a third-party tool, called MoveIT, used by Zellis to transfer files. Boots said the attack had included some of its employees’ personal details.

US researchers first rang alarm bells over the theft of data from MoveIt users last Thursday after the company revealed that it had discovered a security flaw.

What have BA said about they cyberattack?

A spokesman for British Airways said: "We have been informed that we are one of the companies impacted by Zellis’ cybersecurity incident which occurred via one of their third-party suppliers called MOVEit.

"Zellis provides payroll support services to hundreds of companies in the UK, of which we are one. This incident happened because of a new and previously unknown vulnerability in a widely used MOVEit file transfer tool.

"We have notified those colleagues whose personal information has been compromised to provide support and advice."

What type of data may have been compromised?

The compromised data is believed to have included names, addresses and national insurance numbers.

Boots employs over 50,000 people in Britain, while British Airways has about 30,000 staff.

Who are the Russian hacking group Clop?

Russian hacking group Clop has previously claimed to have infiltrated and stolen data from UK organisations such as Thames Water, NHS and an IT firm that handled access to the police national computer (PNC). The cyber-criminals typically leak some of the material they plunder on the dark web if their ransom demands are not met.

Clop has also conducted mass attacks that preyed upon flaws in other file transfer tools, including Fortra and Accellion.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.